[go: up one dir, main page]

WO2009031772A1 - System and method for filtering sip-based spam - Google Patents

System and method for filtering sip-based spam Download PDF

Info

Publication number
WO2009031772A1
WO2009031772A1 PCT/KR2008/004844 KR2008004844W WO2009031772A1 WO 2009031772 A1 WO2009031772 A1 WO 2009031772A1 KR 2008004844 W KR2008004844 W KR 2008004844W WO 2009031772 A1 WO2009031772 A1 WO 2009031772A1
Authority
WO
WIPO (PCT)
Prior art keywords
spam
sip message
filtering
policy
unit
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Ceased
Application number
PCT/KR2008/004844
Other languages
French (fr)
Inventor
So Yung Park
Sung Hei Kim
Shin Gak Kang
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Electronics and Telecommunications Research Institute ETRI
Original Assignee
Electronics and Telecommunications Research Institute ETRI
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Electronics and Telecommunications Research Institute ETRI filed Critical Electronics and Telecommunications Research Institute ETRI
Priority to US12/674,937 priority Critical patent/US20110119749A1/en
Publication of WO2009031772A1 publication Critical patent/WO2009031772A1/en
Anticipated expiration legal-status Critical
Ceased legal-status Critical Current

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00Data switching networks
    • H04L12/02Details
    • H04L12/22Arrangements for preventing the taking of data from a data transmission channel without authorisation
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L65/00Network arrangements, protocols or services for supporting real-time applications in data packet communication
    • H04L65/1066Session management
    • H04L65/1076Screening of IP real time communications, e.g. spam over Internet telephony [SPIT]
    • H04L65/1079Screening of IP real time communications, e.g. spam over Internet telephony [SPIT] of unsolicited session attempts, e.g. SPIT
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F15/00Digital computers in general; Data processing equipment in general
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F17/00Digital computing or data processing equipment or methods, specially adapted for specific functions
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L51/00User-to-user messaging in packet-switching networks, transmitted according to store-and-forward or real-time protocols, e.g. e-mail
    • H04L51/21Monitoring or handling of messages
    • H04L51/212Monitoring or handling of messages using filtering or selective blocking
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1416Event detection, e.g. attack signature detection
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L65/00Network arrangements, protocols or services for supporting real-time applications in data packet communication
    • H04L65/1066Session management
    • H04L65/1101Session protocols
    • H04L65/1104Session initiation protocol [SIP]

Definitions

  • the present invention relates to a system and method for filtering Session Initiation
  • SIP Session Initiation Protocol
  • SMS Short Message Service
  • IP Internet Protocol
  • SPIM Spam over Instant messaging
  • SPIT Spam over Internet Telephony
  • IP application services such as internet phones are provided in real time and service contents may include multimedia as well as text. Further, users can use several IP supplementary services at the same time while using a main IP application service.
  • IP application services include not only text but also multimedia contents, which is unlike email, detecting internet telephony spam requires significant efforts and spam filtering may put extra load on network equipment and service user terminals.
  • the present invention provides a SIP-based spam filtering system and method for detecting a spam call by analyzing a SIP message transmitted in order to establish a call session and for filtering spam according to a spam policy previously set by a call recipient.
  • a system for filtering SIP (Session Initiation Protocol)-based spam including: a spam detection unit for receiving a SIP message where labeling is performed from a sending user agent and detecting the spam using a label in the SIP message; a spam checking unit for checking a call recipient from the SIP message and confirming a spam policy previously set by the call recipient through a spam management server; and a spam filtering unit for filtering the spam based on the confirmed spam policy.
  • SIP Session Initiation Protocol
  • a method for filtering SIP-based spam including: generating and transmitting a SIP message where labeling is performed in case of a spam mode; managing a spam policy previously set by a recipient user agent; and if the spam is detected from the SIP message where labeling is performed, filtering a spam call based on the previously set spam policy.
  • a spam call is detected by analyzing the SIP message transmitted to establish a call session and spam is filtered out according to the spam policy previously set by the call recipient, thereby minimizing damage caused by internet telephony spam on the SIP network.
  • Fig. 1 is a block diagram of a basic network for a system for filtering SIP-based spam in accordance with the embodiment of the present invention
  • Fig. 2 is a detailed block diagram of a network for a system for filtering SIP-based spam in accordance with the embodiment of the present invention
  • Fig. 3 is a detailed flow chart for describing a process for inserting a label into a SIP message
  • Fig. 4 is a structure diagram of a SIP message where labeling is performed
  • Fig. 5 is a detailed flow chart for describing a process in a recipient proxy server in accordance with the embodiment of the present invention.
  • Fig. 6 is a detailed flow chart for describing a process in a recipient proxy server in accordance with another embodiment of the present invention.
  • Fig. 1 is a block diagram of a basic network for a system for filtering SIP-based spam in accordance with the present invention.
  • the network includes user agents 11 and 14, proxy servers 12 and 15, a Domain Name System (hereinafter, referred to as "DNS" server 13, a location server 16 and a spam management server 17.
  • DNS Domain Name System
  • the user agent 11 is assumed as a caller, e.g., a spammer sending spam
  • the user agent 14 is assumed as a call recipient, e.g., a spam recipient using internet telephony services and receiving spam.
  • the proxy servers 12 and 15 handle SIP message routing between the user agents 11 and 14.
  • the DNS server 13 and the location server 16 are databases that supply information to the proxy servers 12 and 15 in order to effectively provide internet telephony services.
  • the spam management server 17 connected to the proxy server 15 is to manage spam.
  • the user agents 11 and 14 and the proxy servers 12 and 15 communicate with each other by using SIP, while both communication between the user agents 11 and 14 to establish a session and communication between the proxy servers 12 and 15 are performed by using SIP. However, real-time media communication between the user agents 11 and 14 is done by Real-Time Protocol (hereinafter, referred to as "RTP").
  • RTP Real-Time Protocol
  • Fig. 2 is a block diagram of a detailed network for a system for filtering SIP-based spam in accordance with the embodiment of the present invention.
  • the network includes the user agents 11 and 14, the proxy servers 12 and 15, the DNS server 13, the location server 16 and the spam management server 17.
  • the user agent 11 includes an input unit 1 Ia, a mode selector 1 Ib and SIP message generator l ie.
  • An input is fed through the input unit 1 Ia to select a mode of the mode selector 1 Ib and to generate SIP messages.
  • the input unit 11a refers to input buttons on the telephone and an input unit for the mode selector 1 Ib and an input unit for the SIP message generator 1 Ic do not need to be physically the same.
  • the mode selector 1 Ib serves to select either a spam mode 1 lba or a normal mode
  • the mode selector 116 selects the mode in order to determine whether to insert a label.
  • the SIP message generator 1 Ic has a label insertion unit 1 lea and checks the mode selected by the mode selector 1 Ib in order to connect a session by using SIP. In case of the spam mode 1 lba, the SIP message generator 1 Ic transmits a SIP message generated by the input of the input unit 1 Ia to the proxy servers 12 and 15 through a network Sl. At that time, a label is inserted into the SIP message by the label insertion unit 1 lea so that it can be used to detect internet telephony spam.
  • the SIP message generator 1 Ic checks whether the transmission mode of the mode selector 1 Ib is a spam mode 1 lba or not (step S301). In case of the normal mode 1 lbb, the transmission mode is switched to the spam mode 1 lba (step S303). If the result of step S301 indicates the spam mode 1 lba, a SIP message is generated in the current spam mode 1 lba. At that time, a label of an agreed phrase is inserted into the SIP message (step S305).
  • the SIP message where labeling is performed is transmitted to the proxy servers 12 and 15 through the network Sl (step S307) and whether a session is connected is checked (step S309). If the session is not connected according to step S309, the process is terminated. In contrast, if the session is connected, spam is transmitted to the proxy servers 12 and 15 through the network Sl (step S311).
  • the SIP message where labeling is performed may include a start line 401, a message header 402 and a message body 403 as shown in Fig. 4.
  • Each field of the message header 402 has various information necessary for message transmission and the SIP message may also include agreed text indicating spam such as a label.
  • agreed text indicating spam e.g., [spam]
  • the recipient proxy server 15 or user agent 14 checks the agreed text in the SIP message to thereby confirm that the current session is for spam call transmission.
  • contents of the label inserted into the SIP message are agreed in advance, they may be nationally agreed text indicating spam or may be text agreed between internet telephony service providers. There is no limitation in the agreement of the text contained in the label.
  • the proxy server 12 serving as a transmission server transmits the SIP message where labeling is completed, which is fed from the user agent 11 through the network Sl, to the proxy server 15 serving as a recipient server by referring to the recipient DNS stored in a database of the DNS server 13.
  • the proxy server 15 serving as a recipient server is formed of a spam management unit 15a and uses a database of the location server 16.
  • the spam management unit 15a includes a spam detection unit 15aa, a spam checking unit 15ab and a spam filtering unit 15ac, and the proxy server 15.
  • the spam detection unit 15aa detects whether the label of the SIP message fed through the network S 1 contains agreed text indicating spam and, if there is agreed text, the SIP message is detected as spam. Otherwise, the SIP message is detected as non-spam.
  • the spam checking unit 15ab includes a spam recipient checking unit 15aba and a spam policy checking unit 15abb.
  • the spam recipient checking unit 15aba checks information of the user agent 14 serving as a call recipient from the SIP message.
  • the spam policy checking unit 15abb requests that the spam management server 17 check a spam policy of the user agent 14 confirmed by the spam recipient checking unit 15aba, receives the spam policy from the spam management server 17 and then transmits it to the spam filtering unit 15ac.
  • the spam filtering unit 15ac stores the filtered spam in a filtered spam storage unit 17b of the spam management server 17. On the contrary, if the user agent 14 does not want a session connection according to the spam policy checked by the spam checking unit 15ab, the spam filtering unit 15ac refuses the session connection and terminates the communication.
  • step S501 If a SIP message for voice call transmission is fed to the spam detection unit 15aa of the spam management unit 15a (step S501), label information is extracted from the SIP message (step S503) and then whether there is a label with agreed text indicating spam is checked (step S505).
  • step S505 if there is no label with the text, the SIP message is transmitted to the user agent 14 in the same manner as normal calls (step S507). On the contrary, if there is a label with inserted text, the spam recipient checking unit 15aba in the spam checking unit 15ab checks information of the call recipient user agent 14 from the SIP message (step S509).
  • the spam policy checking unit 15abb inquires of the spam management server 17 about a spam policy of the user agent 14 (step S511). According to the spam policy of the user agent 14 serving as a call recipient, whether spam filtering is requested or not is determined (step S513).
  • step S513 if filtering is not requested, the SIP message is sent to the user agent 14 like normal calls (step S515). If filtering is requested, the corresponding filtering is performed on the spam call.
  • step S517 if the user agent 14 wants to store the filtered spam (step S517), it allows a session connection and then the spam filtered by the spam filtering unit 15ac is stored in the filtered spam storage unit 17b in the spam management server 17 (step S519).
  • step S521 if the user agent 14 does not want to allow a session connection (step S521), the spam filtering unit 15ac refuses the session connection and terminates the communication (step S523).
  • a process in the proxy server 15 in accordance with another embodiment of the present invention will be described in detail with reference to Fig. 6. If a SIP message for voice call transmission is fed to the spam detection unit 15aa of the spam management unit 15a (step S601), the spam recipient checking unit 15aba of the spam checking unit 15ab checks information of the call recipient user agent 14 from the SIP message (step S603).
  • the spam policy checking unit 15abb inquires of the spam management server 17 about a spam policy of the user agent 14 (step S605). According to the spam policy of the user agent 14 serving as a call recipient, whether spam filtering is requested or not is determined (step S607).
  • step S607 if filtering is not requested, the SIP message is sent to the user agent 14 like normal calls (step S609). If filtering is requested, it needs to be confirmed that the session is for transmission of a spam call. Therefore, label information is extracted from the SIP message (step S611) and whether there is agreed text indicating spam in the inserted label is then checked (step S613).
  • step S613 if there is no text in the inserted label, the SIP message is transmitted to the user agent 14 in the same manner as normal calls (step S615). However, if the inserted label contains text, the spam call is filtered out according to the spam policy set by the call recipient user agent 14.
  • step S617 if the user agent 14 wants to store the filtered spam (step S617), it allows a session connection and then the spam filtered by the spam filtering unit 15ac is stored in the filtered spam storage unit 17b in the spam management server 17 (step S619).
  • step S621 if the user agent 14 does not want to allow a session connection (step S621), the spam filtering unit 15ac refuses the session connection and terminates the communication (step S623).
  • the spam management server 17 deals with various spam policies previously set by the call recipient and it includes a spam policy management unit 17a and the filtered spam storage unit 17b.
  • the spam policy management unit 17a has a spam filtering unit 17aa, a spam monitoring unit 17ab and a spam storage unit 17ac.
  • the spam filtering unit 17aa manages spam filtering policies according to the spam policies previously set by the call recipient user agent 14 such that a session connection is refused, a spam call is transmitted like a normal call and the spam is stored not in the call recipient user agent 14 but in the filtered spam storage unit 17b of the spam management server 17.
  • the spam monitoring unit 17ab manages spam monitoring policies previously set by the call recipient user agent 14 such that spam reception is monitored or is required to be reported to the user agent 14.
  • the spam storage unit 17ac stores the spam policies about the storage of the filtered spam which are previously set by the call recipient user agent 14.
  • the filtered spam storage unit 17b stores filtered spam fed from the spam filtering unit 15ac in the proxy server 15.
  • a spam call is transmitted to the call recipient user agent 14 or the spam filtering result is reported to the user agent 14 by the internet telephony service providers.
  • the spam filtering result is outputted through an output unit 14a in the user agent 14 so that the call recipient can confirm.
  • the call recipient user agent 14 may properly store various desired spam policies into the spam filtering unit 17aa, spam monitoring unit 17ab or spam storage unit 17ac in the spam management server 17.
  • a spam call is detected by analyzing the SIP message transmitted in order to establish a call session and spam is filtered out according to the spam policy previously set by the call recipient so that damage caused by internet telephony spam on the SIP network can be reduced.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Theoretical Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Multimedia (AREA)
  • General Engineering & Computer Science (AREA)
  • General Business, Economics & Management (AREA)
  • Business, Economics & Management (AREA)
  • Data Mining & Analysis (AREA)
  • Databases & Information Systems (AREA)
  • Mathematical Physics (AREA)
  • Software Systems (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Telephonic Communication Services (AREA)

Abstract

A system for filtering SIP (Session Initiation Protocol)-based spam includes a spam detection unit for receiving a SIP message where labeling is performed from a sending user agent and detecting the spam using a label in the SIP message. Further, the system includes a spam checking unit for checking a call recipient from the SIP message and confirming a spam policy previously set by the call recipient through a spam management server; and a spam filtering unit for filtering the spam based on the confirmed spam policy.

Description

Description SYSTEM AND METHOD FOR FILTERING SIP-BASED SPAM
Technical Field
[1] Cross-Reference to Related Applications
[2]
[3] The present invention claims priority of Korean Patent Application No.
10-2007-0089953, filed on September 05, 2007, which is incorporated herein by reference.
[4] The present invention relates to a system and method for filtering Session Initiation
Protocol (hereinafter, referred to as "SIP") based spam; and, more particularly, to a system and method for detecting a spam call by analyzing a SIP message transmitted to establish a call session and for filtering spam according to a spam policy previously set by a call recipient.
[5] This work was supported by the IT R&D program of MIC/IITA [2007-P10-41, Study on Standardization of Public Safety for IP Applications].
[6]
Background Art
[7] As well known, spam is defined as bulk unsolicited commercial mail. Massive spam mail causes harm to many service users and, in particular, mobile phone service users suffer from mobile phone Short Message Service (hereinafter, referred to as "SMS") spam since mobile phones became popular.
[8] Further, as Internet Protocol (hereinafter, referred to as "IP") application services such as internet phones, internet connections and instant messaging are developing, spam based on IP application services is emerging as a new threat. Of spam based on the IP application services, Spam over Instant messaging (hereinafter, referred to as "SPIM") and Spam over Internet Telephony (hereinafter, referred to as "SPIT") have become the main issue.
[9] That is, there are significant differences in technical characteristics between spam based on IP application services and email spam. For example, a large part of IP application services such as internet phones are provided in real time and service contents may include multimedia as well as text. Further, users can use several IP supplementary services at the same time while using a main IP application service.
[10] However, according to the conventional techniques, once spam occurs, a spam recipient has to waste time and efforts to detect or delete spam and the spam occupies a storage space of an internet telephony terminal. Further, illegal and scam spam can cause material/mental harm, so that damage that IP application service users can get may be much more than damage that email spam can cause. Furthermore, IP application services have security weakness due to IP network characteristics, which allows a variety of spam generation methods. Besides, there are technical problems to find and deal with the spam.
[11] On the other hand, since an consensus for the requirement to prevent a threat of IP application service spam was established, research to cope with IP application service spam has been performed. However, due to the technical characteristics of IP application service spam, it is quite difficult to apply the solution for the email spam to the IP application service spam.
[12] In addition, since IP application services include not only text but also multimedia contents, which is unlike email, detecting internet telephony spam requires significant efforts and spam filtering may put extra load on network equipment and service user terminals.
[13]
Disclosure of Invention Technical Problem
[14] In view of the above, the present invention provides a SIP-based spam filtering system and method for detecting a spam call by analyzing a SIP message transmitted in order to establish a call session and for filtering spam according to a spam policy previously set by a call recipient.
[15]
Technical Solution
[16] In accordance with an aspect of the present invention, there is provideda system for filtering SIP (Session Initiation Protocol)-based spam including: a spam detection unit for receiving a SIP message where labeling is performed from a sending user agent and detecting the spam using a label in the SIP message; a spam checking unit for checking a call recipient from the SIP message and confirming a spam policy previously set by the call recipient through a spam management server; and a spam filtering unit for filtering the spam based on the confirmed spam policy.
[17] In accordance with another aspect of the present invention, there is provideda method for filtering SIP-based spam including: generating and transmitting a SIP message where labeling is performed in case of a spam mode; managing a spam policy previously set by a recipient user agent; and if the spam is detected from the SIP message where labeling is performed, filtering a spam call based on the previously set spam policy.
[18] In the present invention, a spam call is detected by analyzing the SIP message transmitted to establish a call session and spam is filtered out according to the spam policy previously set by the call recipient, thereby minimizing damage caused by internet telephony spam on the SIP network. Brief Description of the Drawings
[19] The objects and features of the present invention will become apparent from the following description of embodiments given in conjunction with the accompanying drawings, in which: [20] Fig. 1 is a block diagram of a basic network for a system for filtering SIP-based spam in accordance with the embodiment of the present invention; [21] Fig. 2 is a detailed block diagram of a network for a system for filtering SIP-based spam in accordance with the embodiment of the present invention; [22] Fig. 3 is a detailed flow chart for describing a process for inserting a label into a SIP message;
[23] Fig. 4 is a structure diagram of a SIP message where labeling is performed;
[24] Fig. 5 is a detailed flow chart for describing a process in a recipient proxy server in accordance with the embodiment of the present invention; and [25] Fig. 6 is a detailed flow chart for describing a process in a recipient proxy server in accordance with another embodiment of the present invention. [26]
Best Mode for Carrying Out the Invention [27] Hereinafter, embodiments of the present invention will be described in detail with reference to the accompanying drawings which form a part hereof. [28] Fig. 1 is a block diagram of a basic network for a system for filtering SIP-based spam in accordance with the present invention. The network includes user agents 11 and 14, proxy servers 12 and 15, a Domain Name System (hereinafter, referred to as "DNS" server 13, a location server 16 and a spam management server 17. [29] For example, the user agent 11 is assumed as a caller, e.g., a spammer sending spam and the user agent 14 is assumed as a call recipient, e.g., a spam recipient using internet telephony services and receiving spam. [30] The proxy servers 12 and 15 handle SIP message routing between the user agents 11 and 14. [31] The DNS server 13 and the location server 16 are databases that supply information to the proxy servers 12 and 15 in order to effectively provide internet telephony services. [32] The spam management server 17 connected to the proxy server 15 is to manage spam. [33] The user agents 11 and 14 and the proxy servers 12 and 15 communicate with each other by using SIP, while both communication between the user agents 11 and 14 to establish a session and communication between the proxy servers 12 and 15 are performed by using SIP. However, real-time media communication between the user agents 11 and 14 is done by Real-Time Protocol (hereinafter, referred to as "RTP").
[34] Fig. 2 is a block diagram of a detailed network for a system for filtering SIP-based spam in accordance with the embodiment of the present invention. The network includes the user agents 11 and 14, the proxy servers 12 and 15, the DNS server 13, the location server 16 and the spam management server 17.
[35] The user agent 11 includes an input unit 1 Ia, a mode selector 1 Ib and SIP message generator l ie.
[36] An input is fed through the input unit 1 Ia to select a mode of the mode selector 1 Ib and to generate SIP messages. For example, the input unit 11a refers to input buttons on the telephone and an input unit for the mode selector 1 Ib and an input unit for the SIP message generator 1 Ic do not need to be physically the same.
[37] The mode selector 1 Ib serves to select either a spam mode 1 lba or a normal mode
1 lbb depending on the input from the input unit 11a. Since the user agent 11 may not be used for generating spam, the mode selector 116 selects the mode in order to determine whether to insert a label.
[38] The SIP message generator 1 Ic has a label insertion unit 1 lea and checks the mode selected by the mode selector 1 Ib in order to connect a session by using SIP. In case of the spam mode 1 lba, the SIP message generator 1 Ic transmits a SIP message generated by the input of the input unit 1 Ia to the proxy servers 12 and 15 through a network Sl. At that time, a label is inserted into the SIP message by the label insertion unit 1 lea so that it can be used to detect internet telephony spam.
[39] To be more specific, a process for inserting a label into a SIP message will be described with reference to Fig. 3. First, once a spam call is transmitted, the SIP message generator 1 Ic checks whether the transmission mode of the mode selector 1 Ib is a spam mode 1 lba or not (step S301). In case of the normal mode 1 lbb, the transmission mode is switched to the spam mode 1 lba (step S303). If the result of step S301 indicates the spam mode 1 lba, a SIP message is generated in the current spam mode 1 lba. At that time, a label of an agreed phrase is inserted into the SIP message (step S305). Then, the SIP message where labeling is performed, e.g., as shown in Fig. 4, is transmitted to the proxy servers 12 and 15 through the network Sl (step S307) and whether a session is connected is checked (step S309). If the session is not connected according to step S309, the process is terminated. In contrast, if the session is connected, spam is transmitted to the proxy servers 12 and 15 through the network Sl (step S311).
[40] Herein, the SIP message where labeling is performed may include a start line 401, a message header 402 and a message body 403 as shown in Fig. 4. Each field of the message header 402 has various information necessary for message transmission and the SIP message may also include agreed text indicating spam such as a label. For example, agreed text indicating spam, e.g., [spam], is inserted into a subject field 404 of the message header 402 and therefore the recipient proxy server 15 or user agent 14 checks the agreed text in the SIP message to thereby confirm that the current session is for spam call transmission.
[41] Further, while contents of the label inserted into the SIP message are agreed in advance, they may be nationally agreed text indicating spam or may be text agreed between internet telephony service providers. There is no limitation in the agreement of the text contained in the label.
[42] The proxy server 12 serving as a transmission server transmits the SIP message where labeling is completed, which is fed from the user agent 11 through the network Sl, to the proxy server 15 serving as a recipient server by referring to the recipient DNS stored in a database of the DNS server 13.
[43] The proxy server 15 serving as a recipient server is formed of a spam management unit 15a and uses a database of the location server 16. The spam management unit 15a includes a spam detection unit 15aa, a spam checking unit 15ab and a spam filtering unit 15ac, and the proxy server 15.
[44] The spam detection unit 15aa detects whether the label of the SIP message fed through the network S 1 contains agreed text indicating spam and, if there is agreed text, the SIP message is detected as spam. Otherwise, the SIP message is detected as non-spam.
[45] The spam checking unit 15ab includes a spam recipient checking unit 15aba and a spam policy checking unit 15abb. The spam recipient checking unit 15aba checks information of the user agent 14 serving as a call recipient from the SIP message. The spam policy checking unit 15abb requests that the spam management server 17 check a spam policy of the user agent 14 confirmed by the spam recipient checking unit 15aba, receives the spam policy from the spam management server 17 and then transmits it to the spam filtering unit 15ac.
[46] If the user agent 14 wants to store spam according to the spam policy checked by the spam checking unit 15ab, the spam filtering unit 15ac stores the filtered spam in a filtered spam storage unit 17b of the spam management server 17. On the contrary, if the user agent 14 does not want a session connection according to the spam policy checked by the spam checking unit 15ab, the spam filtering unit 15ac refuses the session connection and terminates the communication.
[47] A process in the proxy server 15 in accordance with the embodiment of the present invention will be described in detail with reference to Fig. 5. If a SIP message for voice call transmission is fed to the spam detection unit 15aa of the spam management unit 15a (step S501), label information is extracted from the SIP message (step S503) and then whether there is a label with agreed text indicating spam is checked (step S505).
[48] According to the result of step S505, if there is no label with the text, the SIP message is transmitted to the user agent 14 in the same manner as normal calls (step S507). On the contrary, if there is a label with inserted text, the spam recipient checking unit 15aba in the spam checking unit 15ab checks information of the call recipient user agent 14 from the SIP message (step S509).
[49] Thereafter, by using the information of the confirmed user agent 14, the spam policy checking unit 15abb inquires of the spam management server 17 about a spam policy of the user agent 14 (step S511). According to the spam policy of the user agent 14 serving as a call recipient, whether spam filtering is requested or not is determined (step S513).
[50] According to the result of step S513, if filtering is not requested, the SIP message is sent to the user agent 14 like normal calls (step S515). If filtering is requested, the corresponding filtering is performed on the spam call.
[51] That is, if the user agent 14 wants to store the filtered spam (step S517), it allows a session connection and then the spam filtered by the spam filtering unit 15ac is stored in the filtered spam storage unit 17b in the spam management server 17 (step S519). On the other hand, if the user agent 14 does not want to allow a session connection (step S521), the spam filtering unit 15ac refuses the session connection and terminates the communication (step S523).
[52] A process in the proxy server 15 in accordance with another embodiment of the present invention will be described in detail with reference to Fig. 6. If a SIP message for voice call transmission is fed to the spam detection unit 15aa of the spam management unit 15a (step S601), the spam recipient checking unit 15aba of the spam checking unit 15ab checks information of the call recipient user agent 14 from the SIP message (step S603).
[53] Thereafter, by using the information of the confirmed user agent 14, the spam policy checking unit 15abb inquires of the spam management server 17 about a spam policy of the user agent 14 (step S605). According to the spam policy of the user agent 14 serving as a call recipient, whether spam filtering is requested or not is determined (step S607).
[54] According to the result of step S607, if filtering is not requested, the SIP message is sent to the user agent 14 like normal calls (step S609). If filtering is requested, it needs to be confirmed that the session is for transmission of a spam call. Therefore, label information is extracted from the SIP message (step S611) and whether there is agreed text indicating spam in the inserted label is then checked (step S613).
[55] According to the result of step S613, if there is no text in the inserted label, the SIP message is transmitted to the user agent 14 in the same manner as normal calls (step S615). However, if the inserted label contains text, the spam call is filtered out according to the spam policy set by the call recipient user agent 14.
[56] That is, if the user agent 14 wants to store the filtered spam (step S617), it allows a session connection and then the spam filtered by the spam filtering unit 15ac is stored in the filtered spam storage unit 17b in the spam management server 17 (step S619). On the other hand, if the user agent 14 does not want to allow a session connection (step S621), the spam filtering unit 15ac refuses the session connection and terminates the communication (step S623).
[57] The spam management server 17 deals with various spam policies previously set by the call recipient and it includes a spam policy management unit 17a and the filtered spam storage unit 17b.
[58] The spam policy management unit 17a has a spam filtering unit 17aa, a spam monitoring unit 17ab and a spam storage unit 17ac.
[59] The spam filtering unit 17aa manages spam filtering policies according to the spam policies previously set by the call recipient user agent 14 such that a session connection is refused, a spam call is transmitted like a normal call and the spam is stored not in the call recipient user agent 14 but in the filtered spam storage unit 17b of the spam management server 17.
[60] The spam monitoring unit 17ab manages spam monitoring policies previously set by the call recipient user agent 14 such that spam reception is monitored or is required to be reported to the user agent 14.
[61] The spam storage unit 17ac stores the spam policies about the storage of the filtered spam which are previously set by the call recipient user agent 14.
[62] The filtered spam storage unit 17b stores filtered spam fed from the spam filtering unit 15ac in the proxy server 15.
[63] On the other hand, according to the process result of the proxy server 15, a spam call is transmitted to the call recipient user agent 14 or the spam filtering result is reported to the user agent 14 by the internet telephony service providers. The spam filtering result is outputted through an output unit 14a in the user agent 14 so that the call recipient can confirm. Further, the call recipient user agent 14 may properly store various desired spam policies into the spam filtering unit 17aa, spam monitoring unit 17ab or spam storage unit 17ac in the spam management server 17.
[64] Accordingly, in accordance with the present invention, a spam call is detected by analyzing the SIP message transmitted in order to establish a call session and spam is filtered out according to the spam policy previously set by the call recipient so that damage caused by internet telephony spam on the SIP network can be reduced.
[65] While the invention has been shown and described with respect to the embodiments, it will be understood by those skilled in the art that various changes and modifications may be made without departing from the scope of the invention as defined in the following claims.

Claims

Claims
[1] A system for filtering SIP (Session Initiation Protocol)-based spam comprising: a spam detection unit for receiving a SIP message where labeling is performed from a sending user agent and detecting the spam using a label in the SIP message; a spam checking unit for checking a call recipient from the SIP message and confirming a spam policy previously set by the call recipient through a spam management server; and a spam filtering unit for filtering the spam based on the confirmed spam policy. [2] The system of claim 1, wherein the sending user agent has a mode selector for selecting a spam mode or a normal mode and a SIP message generator for generating and transmitting the SIP message where labeling is performed to the spam detecting unit in case of the spam mode. [3] The system of claim 2, wherein the SIP message where labeling is performed includes a start line, a message header and a message body and wherein the message header has an agreed text indicating spam inserted in its subject field. [4] The system of claim 1, wherein if the confirmed spam policy addresses the storage of spam, the spam filtering unit stores the filtered spam in a filtered spam storage unit of the spam management server. [5] The system of claim 1, wherein if the confirmed spam policy is set to break off a session connection, the spam filtering unit refuses a session connection and terminates the communication. [6] A method for filtering SIP-based spam comprising: generating and transmitting a SIP message where labeling is performed in case of a spam mode; managing a spam policy previously set by a recipient user agent; and if the spam is detected from the SIP message where labeling is performed, filtering a spam call based on the previously set spam policy. [7] The method of claim 6, wherein filtering the spam call includes: detecting the spam using a label inserted into the SIP message; checking information of a call recipient from the SIP message and confirming the spam policy corresponding to the checked information of the call recipient; and if the confirmed spam policy addresses the storage of spam, filtering the spam and storing it in a filtered spam storage unit of a spam management server. [8] The method of claim 7, wherein if the confirmed spam policy is set to break off a session connection, the session connection is refused and the communication is terminated. [9] The method of claim 6, wherein filtering the spam call includes: receiving the SIP message; checking information of a call recipient from the SIP message and confirming a spam policy corresponding to the information of the confirmed call recipient; if the confirmed spam policy addresses filtering, detecting the spam using a label inserted into the SIP message; and if the spam is detected, filtering the spam and storing it in a filtered spam storage unit of a spam management server. [10] The method of claim 6, wherein generating and transmitting the SIP message includes: checking whether in a spam mode; in case of a normal mode, switching the normal mode to the spam mode; in case of the spam mode, inserting a label into the SIP message; transmitting the SIP message containing the label to a recipient proxy server; and transmitting the spam to the recipient proxy server while a session is connected.
PCT/KR2008/004844 2007-09-05 2008-08-20 System and method for filtering sip-based spam Ceased WO2009031772A1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
US12/674,937 US20110119749A1 (en) 2007-09-05 2008-08-20 System and method for filtering sip-based spam

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
KR1020070089953A KR100910581B1 (en) 2007-09-05 2007-09-05 SPI-based spam filtering system and method
KR10-2007-0089953 2007-09-05

Publications (1)

Publication Number Publication Date
WO2009031772A1 true WO2009031772A1 (en) 2009-03-12

Family

ID=40429056

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/KR2008/004844 Ceased WO2009031772A1 (en) 2007-09-05 2008-08-20 System and method for filtering sip-based spam

Country Status (3)

Country Link
US (1) US20110119749A1 (en)
KR (1) KR100910581B1 (en)
WO (1) WO2009031772A1 (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20120150959A1 (en) * 2010-12-14 2012-06-14 Electronics And Telecommunications Research Institute Spam countering method and apparatus

Families Citing this family (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR100852145B1 (en) * 2007-11-22 2008-08-13 한국정보보호진흥원 Security System and Method of Call Control Message for SPI Based Web Service
US8332481B2 (en) * 2008-10-31 2012-12-11 At&T Intellectual Property I, L.P. Systems and methods for transmitting subject line messages
KR101114049B1 (en) * 2009-02-04 2012-02-22 엘지전자 주식회사 A method and apparatus for spam message management in a messaging system
CN113067765B (en) * 2020-01-02 2023-01-13 中国移动通信有限公司研究院 Multimedia message monitoring method, device and equipment
GB2600105A (en) * 2020-10-19 2022-04-27 Vodafone Group Services Ltd Method of reporting an unsolicited call to a network operator, and user equipment, network entities and telecommunications networks for performing the method

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR20060032711A (en) * 2004-10-13 2006-04-18 주식회사 케이티프리텔 Recipient-based Spam Filtering Method and System
WO2007033344A2 (en) * 2005-09-14 2007-03-22 Sipera Systems, Inc. System, method and apparatus for classifying communications in a communications system
US20070150773A1 (en) * 2005-12-19 2007-06-28 Nortel Networks Limited Extensions to SIP signaling to indicate SPAM

Family Cites Families (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7409203B2 (en) * 2003-11-12 2008-08-05 Redknee Inc. Method and system for the prevention of unwanted wireless telecommunications
US7627670B2 (en) * 2004-04-29 2009-12-01 International Business Machines Corporation Method and apparatus for scoring unsolicited e-mail
WO2007019583A2 (en) * 2005-08-09 2007-02-15 Sipera Systems, Inc. System and method for providing network level and nodal level vulnerability protection in voip networks
CN100574203C (en) * 2005-10-26 2009-12-23 华为技术有限公司 A notification method and system for presenting information
US7801129B2 (en) * 2006-04-27 2010-09-21 Alcatel-Lucent Usa Inc. Method and apparatus for SIP message prioritization
US8527592B2 (en) * 2006-10-31 2013-09-03 Watchguard Technologies, Inc. Reputation-based method and system for determining a likelihood that a message is undesired

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR20060032711A (en) * 2004-10-13 2006-04-18 주식회사 케이티프리텔 Recipient-based Spam Filtering Method and System
WO2007033344A2 (en) * 2005-09-14 2007-03-22 Sipera Systems, Inc. System, method and apparatus for classifying communications in a communications system
US20070150773A1 (en) * 2005-12-19 2007-06-28 Nortel Networks Limited Extensions to SIP signaling to indicate SPAM

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20120150959A1 (en) * 2010-12-14 2012-06-14 Electronics And Telecommunications Research Institute Spam countering method and apparatus

Also Published As

Publication number Publication date
KR20090024957A (en) 2009-03-10
US20110119749A1 (en) 2011-05-19
KR100910581B1 (en) 2009-08-03

Similar Documents

Publication Publication Date Title
EP2063590B1 (en) A method and system for transmitting email and a push mail server
US8832299B2 (en) Using the addressing, protocols and the infrastructure of email to support real-time communication
US8767543B2 (en) Terminal and method for storing and retrieving messages in a converged IP messaging service
US8825772B2 (en) System and method for operating a server for real-time communication of time-based media
US20100199133A1 (en) Methods for using the addressing, protocols and the infrastructure of email to support near real-time communication
KR20050042135A (en) Voice and text group chat techniques for wireless mobile terminals
US20100312845A1 (en) Late binding communication system and method for real-time communication of time-based media
EP2079197A1 (en) A method and system for coordinating the services provided by different service providers
WO2009031772A1 (en) System and method for filtering sip-based spam
CN103856391A (en) Information communication method and system, and server
US8300628B2 (en) Method and system for transmitting supplementary data, and communication terminal
EP2254319A1 (en) Integration of voice chat services
US20090109495A1 (en) Methods and apparatus to route fax calls in an internet protocol (ip) multimedia subsystem (ims) network
US8930466B2 (en) Method for internet-based messaging
EP1914971B1 (en) System and method for providing multimedia contents in a communication system
JP2007533245A (en) Message linkage system and method between mobile communication terminals
EP2293534A1 (en) Method and apparatus for forwarding voicemail
WO2008148339A1 (en) A method, a user agent for processing pager model message
CA2746734C (en) Email client capable of supporting near real-time communication and methods for using the addressing, protocols and the infrastructure of email to support near real-time communication
EP2391076B1 (en) Method and device for communication of real-time media
KR101348272B1 (en) Method for transmitting messages using the multimedia message service(mms)
WO2008040539A1 (en) A method for establishing a connection oriented communication after screening the call for desired characteristics
CN101836419B (en) Method and arrangement for providing voip communication
AU2013202611B2 (en) Method and device for near real-time communication
EP2037662B1 (en) Method of providing an improved call forwarding service

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 08793357

Country of ref document: EP

Kind code of ref document: A1

WWE Wipo information: entry into national phase

Ref document number: 12674937

Country of ref document: US

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 08793357

Country of ref document: EP

Kind code of ref document: A1